same-origin-policy

access-control-allow-origin on playframework

|▌冷眼眸甩不掉的悲伤 提交于 2019-12-08 06:43:20
How can I get playframework to allow non-origin calls? I have tried adding a @Before method to a controller, but that never gets called by an ajax client. @Before public static void setCORS() { Http.Response.current().accessControl("*", "GET,PUT,POST,DELETE", true); } I am trying to setup a test API server for client developers to test against, but that seems to require disabling the Origin restriction. Has anyone else got this working? or accomplished this in a different way? UPDATE: I found this article on the topic http://javathought.wordpress.com/2011/12/04/cross-origin-resource-sharing

How to HTTP POST a Blob to a different domain? [duplicate]

孤者浪人 提交于 2019-12-08 05:40:38
问题 This question already has answers here : How do I send a cross-domain POST request via JavaScript? (17 answers) Ways to circumvent the same-origin policy (11 answers) Closed 6 years ago . I have some Blob() object. I want to upload somewhere else (a website that handle user upload through forms). I can put them in a FormData and send them through an XMLHttpRequest object, but then I can't read the ajax response, because I'm blocked by the same origin policy of the ajax call. How can I get

iframe cross-domain access

血红的双手。 提交于 2019-12-08 03:59:59
问题 I have an HTML page with an iframe included from a cross domain that doesn't belong to me. I need to do some basic javascript modifications in the iframe (write value and fire up an event -> form processing). Because of the same origin policy I'm not allowed to do this. However, I need to do it, so I'm searching for a workaround. The solution is just important that I can run a script for myself. It is enough if it works in one browser and I don't need security for myself. On my research I

Calling parent window method from Iframe (different)

旧城冷巷雨未停 提交于 2019-12-08 01:59:30
问题 I have a page on a domain: http://main.mydomain.com/frame.cfm which holds an iframe, loading a domain http://www.anotherdomain.com. This page http://www.anotherdomain.com has a script reference to http://sub.mydomain.com/somescript.js This somescript is a tracking script like google Analytics, which loads with each request of www.anotherdomain.com. At a certain stage, the script http://sub.mydomain.com/somescript.js in the page www.anotherdomain.com will try to call window.top.aFunction(); or

Access-Control-Allow-Origin header when Origin 'null' when trying to post data to a LOCAL application

五迷三道 提交于 2019-12-08 00:21:30
问题 I'm working on a program which will help interface with your bitcoin wallet via the browser. By setting up the bitcoin client as a server with the following commands in it's .conf file... server=1 rpcuser=test rpcpassword=test rpcallowip=127.0.0.1 It will allow it to run as a server and thus let you post JSON commands at it. I've gotten this to work with the following code below. $.ajax({ url: 'http://test:test@127.0.0.1:29661', type: 'POST', contenType: 'application/json', cache:false,

Catching same origin exception in Javascript?

浪子不回头ぞ 提交于 2019-12-07 16:48:35
问题 I'm trying to create my own XMLHttpRequest framework to learn how this things work internally. A thing that puzzles me is that I cannot find how to catch a "Same origin" exception. The idea behind this is that I try to load a URL, if I get a Same origin exception, I re-request the URL through a proxy script local for the script. The reason I do this is because I need to access production data from a development sandbox and I want it to be as transparent as possible for the script itself. I

Is it safe to have sandbox=“allow-scripts allow-popups allow-same-origin” on <iframe />?

走远了吗. 提交于 2019-12-07 12:46:32
问题 I'm dynamically creating an iframe in my app, result looks as follows: <iframe src="blob:http%3A//localhost%3A9292/0194dfed-6255-4029-a767-c60156f3d359" scrolling="no" sandbox="allow-scripts allow-popups allow-same-origin" name="sandbox" style="width: 100%; height: 100%; border: 0px;"></iframe> Is it safe to have such sandbox configuration (especially allowing the iframe content to be treated as being from the same origin)? 回答1: allow-same-origin is not safe. That will give the iframe the

QtWebkit Same-Origin-policy

我的未来我决定 提交于 2019-12-07 06:47:35
问题 I have QtWebkit ported on Arm based platform. We are able to run QtTestBrowser. I wanted to disable "same-origin-policy" in the above browser. Please let me know if any body has idea on this. 回答1: I know this is old, but you can do this by modifying the QWebPage's settings: auto settings = page.settings(); settings->setAttribute(QWebSettings::LocalContentCanAccessRemoteUrls,true); settings->setAttribute(QWebSettings::LocalContentCanAccessFileUrls,true); 回答2: By default, Qt doesn't expose

Web API 2 project and MVC 5 Website project in same domain

纵饮孤独 提交于 2019-12-07 05:35:52
问题 Technologies used: BreezeJS OData Web API 2 MVC 5 IDE: Visual Studio 2013 I've been wrestling with the idea of having a Web API project and a separate web site project in a single solution. My Web API 2 project opens up as: localhost:2020/ExampleProject.API My MVC 5 WebSite project opens up as: localhost:5050/ExampleProject.WebSite Now by default web api doesn't allow cross origin policies. So I played around with enabling CORS in my Web API 2, although I was able to get it to work, it only

Uncaught SecurityError: Blocked a frame with origin … from accessing a frame with origin

倖福魔咒の 提交于 2019-12-06 11:56:56
问题 I've made a component for an SAP solution (whatever) that is embedded into a report through an iframe. After I deployed the report on an SAP plateform (BO), I got this error (on Chrome, but does not work on IE or FF either): Uncaught SecurityError: Blocked a frame with origin "http://support.domain.com" from accessing a frame with origin "http://support.domain.com". The frame requesting access set "document.domain" to "domain.com", but the frame being accessed did not. Both must set "document
订阅 same-origin-policy